• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • Daily Security Bytes
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Friday News Roundup – June 28

June 28, 2019 By Trevor Collins

This week we saw lots of interesting cyber security reports. We would love to cover all of them in depth, but we just don’t have the time. Here’s the top security reports that we missed out on this week.

  • Norsk Hydro recently got hit with ransomware and BBC recently covered the aftermath of the attack. This five-minute video shows just how must devastation ransomware causes. If Norsk Hydro had appropriate backups, they could recover far sooner. https://www.bbc.com/news/av/technology-48707033/ransomware-cyber-attacks-are-targeting-large-companies-and-demanding-huge-payments
  • A new tool came out to show hidden Active Directory (AD) privilege inheritance and how a malicious user might be able to move laterally inside your infrastructure. https://www.darknet.org.uk/2019/06/bloodhound-hacking-active-directory-trust-relationships
  • In response to Iran shooting down a United States drone, the US and Iran allegedly launched cyber-attacks against each other. https://www.scmagazine.com/home/network-security/u-s-launched-cyberattacks-on-iranian-intel-targets-report
  • A study shows that downloading from the official Google Play store doesn’t always mean the aps are secure. Researchers from the University of Sydney and Commonwealth Scientific and Industrial Research Organization’s Data61 found lots of malicious content on GooglePlay in a recent study. To help protect yourself, consider installing an Antivirus application on your phone.  https://thenextweb.com/security/2019/06/24/study-google-play-is-riddled-with-thousands-of-data-stealing-counterfeit-apps/
  • A security research group disclosed a GPS spoofing flaw in Tesla cars. They found attackers could easily exploit the vulnerability remotely. https://www.regulus.com/blog/tesla-model-3-spoofed-off-the-highway-regulus-researches-hack-navigation-system-causing-car-to-steer-off-road/ and https://insidegnss.com/tesla-model-s-and-model-3-prove-vulnerable-to-gps-spoofing-attacks-research-from-regulus-cyber-shows/
  • Cybereason claims hackers have stolen tons of data from over a dozen global telecoms around the world. In their report, Cybereason claims that China supported these campaigns. https://www.cybereason.com/press/cybereason-uncovers-massive-state-sponsored-espionage-operation-leveraging-privately-owned-critical-infrastructure-companies
  • Researchers from Finite State found more evidence that Huawei has not been prioritizing security during development of some of their products. https://www.scmagazine.com/home/security-news/vulnerabilities/huawei-products-riddled-with-backdoors-zero-days-and-critical-vulnerabilities/
  • A Medium user going by the Mr. Robot alias Elliot Alderson, wrote about his findings while researching MFSocket, A Chinese surveillance app. The researcher found that police in Beijing and Shanghai were installing the malware on phones while “inspecting” them at a policy station. While we can’t recommend anything illegal, we would leave our cellphone at home if we travel through these parts.   https://medium.com/@fs0c131y/mfsocket-a-chinese-surveillance-tool-58e8850c3de4
  • The EU is preparing for Russian and Chinese cyber attacks by running cyber war games. https://www.theguardian.com/technology/2019/jun/27/eu-war-games-prepare-russia-china-cyber-attacks
  • Researchers found critical vulnerabilities in Cisco and Kurbernetes products this week. Be sure to check if you are affected and patch ASAP! Cisco: https://www.zdnet.com/article/new-cisco-critical-bugs-9-810-severity-nexus-security-flaws-need-urgent-update/ Kurbernetes: https://www.zdnet.com/article/kubernetes-cli-tool-security-flaw-lets-attackers-run-code-on-host-machine/

If we missed any big stories, let us know in the comments below.

Share This:

Related

Filed Under: Editorial Articles Tagged With: Infosec news

Comments

  1. Judy Gasperini says

    July 1, 2019 at 7:11 am

    How about the three Florida municipalities that have been data breached just in June? Lake City’s entire network was disabled and the city made a bitcoin payment of $500K. Riviera Beach, FL received a similar attack demanding $600K. Most recently Key Biscayne had a data breach. Managed IT security service providers could have helped to detect and mitigate cyberattacks before they become data breach headlines.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • USA’s Answer to GDPR
  • Rolling PWN
  • Hacker Summer Camp 2022

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Hacker Summer Camp 2022
  • Private Sector Offensive Actors
  • USA’s Answer to GDPR
  • Rolling PWN
  • Over a Billion Records Leaked in Shanghai National Police Database Hack
View All

Search

Archives

Copyright © 2022 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use